Hello, I have a question how we can logout the user due to inactivity. By inactivity I mean the user for example opens the home page and stays there and not interaction with the app for 1 min.
After that when he refresh his page, he should be logged out.
The things I tried are these:
I changed the Inactivity timeout value from the tenant settings to 1 min.
I logged in the app with visiting the “/api/auth/login” route, then the Universal Login page is opened, after successful credentials the user is redirected to our app.
So far so Good.
Then:
If I wait 20 secs and try to go again to the “/api/auth/login”, I am getting back to the app and the Universal Login page is NOT showed (this is working correctly).
If I wait more than 1 min and go to the “/api/auth/login”, then the Universal Login Page is showed again and the we can login again. BUT here the thing is that if in this case WHILE I am on the Universal Login Page and I go to the app homepage, I still can get all the user data from the “useUser()” hook.
So I want the user is inactive AND 1 min passes AND the user refresh his page, the data from the useUser() hook to be undefined
If during that 1min after the login, on every user interaction that 1 min should be renewed.
So can you give suggestions how can that be accomplished ?
Ok, so to be able to logout the user after X time, there should be an env variables:
AUTH0_SESSION_ROLLING=true
AUTH0_SESSION_ROLLING_DURATION=60 ---> means 60 secs.
Well that is ok, if the user stays on the app without doing anything, when he refreshes the page he is logged out.
THE PROBLEMS:
- For example if the user logs in, he interact with the app for 2 mins he is still logged in. BUT if he reloads the page gets LOGGED OUT again, even if he has interacted with the app for 2 mins.
- If the user logs in and stays in the app without doing anything for more than 1 min, then if he refresh the page he is logged out. But if he clicks login he is automatically logged in…
The 2nd problem can be “fixed” if on Settings -> Advanced -> Inactivity Timeout
I set for example 1 min.
But that means if I have ROLLING_DURATION=60
and Inactivity Timeout = 1 min
,
the user can interact with the app for 5 mins for example but everytime when he refreshes the page he will be logged out.
IS There a solution if I have ROLLING_DURATION=60
if the user interacts with the app, that timer to be refreshed, so if the interacts with the app for 2 mins and refreshes his page HE STILL NEED to be logged in, not like now to logged out no matter he is interacting with the app.
Also the other thing to not get automatically logged in if he is inactive for 1 min, refresh the page and hit login again.